<!doctype html>
<html lang="en">
    <head>
        <script>
            var script = document.createElement('script');
            // Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
            // We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
            script.setAttribute('src', document.referrer + 'iframe_api.js');
            document.head.appendChild(script);
        </script>
    </head>
    <body>
        <button id="sendchat">Send chat message</button>
        <script>
            document.getElementById('sendchat').onclick = () => {
                WA.chat.sendChatMessage('Hello world!', 'Mr ROBOT');
            }
        </script>
        <div id="chatSent"></div>
        <script>
            window.addEventListener('load', () => {
                WA.chat.onChatMessage((message => {
                    const chatDiv = document.createElement('p');
                    chatDiv.innerText = message;
                    document.getElementById('chatSent').append(chatDiv);
                }));
            })
        </script>
    </body>
</html>